Hi,

Sorry for my message. I'm a tiny bit confused about the following. Could you help me?

Here: https://www.postgresql.org/docs/11/runtime-config-client.html

There is the text "If one of the list items is the special name $user, then the schema having the name returned by SESSION_USER is substituted, if there is such a schema and the user has USAGE permission for it. (If not, $user is ignored.)".

But actually "$user" substitutes the CURRENT_USER value (not the SESSION_USER value).

It's good, because it would be a SECURITY VULNERABILITY if "$user" substituted the SESSION_USER value (in conjunction with security definer functions).

In the case of the CURRENT_USER value we do not have the vulnerability, which is good :-)

But there is an error in the documentation text (runtime-config-client.html), isn't there?

Thank you in advance.

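A way to check which role "$user" follows inside a SECURITY DEFINER function, written as an added example that is not part of the original message or of the PostgreSQL documentation. The roles `demo_owner` and `demo_caller` and the function `whoami()` are hypothetical names; the script assumes a superuser session in a scratch database.

```sql
-- Added example; demo_owner, demo_caller and whoami() are hypothetical names.
-- Run as a superuser in a scratch database.
CREATE ROLE demo_owner;
CREATE ROLE demo_caller;

-- One schema per role, each named after its role so that "$user" can match it.
CREATE SCHEMA demo_owner  AUTHORIZATION demo_owner;
CREATE SCHEMA demo_caller AUTHORIZATION demo_caller;

-- SECURITY DEFINER: the body runs with the function owner's identity
-- (CURRENT_USER), while SESSION_USER stays the role that owns the session.
CREATE FUNCTION demo_owner.whoami()
RETURNS TABLE (session_u text, current_u text, first_schema text)
LANGUAGE sql
SECURITY DEFINER
AS $$
    SELECT session_user::text, current_user::text, current_schema()::text
$$;
ALTER FUNCTION demo_owner.whoami() OWNER TO demo_owner;

-- The caller needs USAGE to resolve the schema-qualified function name.
GRANT USAGE ON SCHEMA demo_owner TO demo_caller;

-- Become the unprivileged caller and put "$user" first in the search path.
SET SESSION AUTHORIZATION demo_caller;
SET search_path = "$user", public;

-- Outside the function: SESSION_USER and CURRENT_USER are the same role.
SELECT session_user, current_user, current_schema();

-- Inside the function: the two differ, so first_schema shows which of them
-- "$user" was resolved against.
SELECT * FROM demo_owner.whoami();

-- Cleanup.
RESET SESSION AUTHORIZATION;
RESET search_path;
DROP FUNCTION demo_owner.whoami();
DROP SCHEMA demo_owner, demo_caller;
DROP ROLE demo_owner, demo_caller;
```

If "$user" follows CURRENT_USER, as the message reports, `first_schema` in the second result names the owner's schema while `session_u` is still the caller; if it followed SESSION_USER, `first_schema` would name the caller's schema instead.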